Basic Setup
We are running HAProxy in a pair of pfSense boxes. In front, we're serving a bunch of IP addresses, and for each IP address, we have a pair of SSL offloaders behind this.
The HAProxy is used to load-balance between the two. The config is roughly this:
    frontend FOO_FRONT_80
        bind 5.5.5.5:80 name 5.5.5.5:80 transparent
        mode tcp
        log global
        maxconn 10000
        timeout client 30000
        use_backend FOO_BACK_80

    backend FOO_BACK_80
        mode tcp
        log global
        option log-health-checks
        balance source
        timeout connect 30000
        timeout server 30000
        retries 3
        source ipv4@ usesrc clientip
        server FOO_LB_001 10.0.0.21:80 check inter 10000 weight 100
        server FOO_LB_002 10.0.0.22:80 check inter 10000 weight 100
This is serving a couple of tens of thousands of simultaneous connections.
Here's a picture:
Issues
All regular GET requests to the load balancers go through OK. But POST requests (anything with a request body > 50kBytes) do not, with the connection apparently being cut between the HAProxy and the backend Apaches.
In a lab environment, we have been unable to reproduce this. But in production, these issues disappeared when we switched OFF the transparent client IP setting.
We're now trying to figure out what might be causing this. Could it be a bug (I doubt that), or is it some misconfiguration somewhere (where?)?
Any help would be greatly appreciated.
ruben